Install and configure a special deployment user on your system.
This example is taken from `molecule/default/converge.yml` and is tested on each push, pull request and release.

```yaml
---
- name: Converge
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: tehtbl.deployment_user
```
The machine you are running this on may need to be prepared. I use this playbook to ensure everything is in place to let the role work.

```yaml
---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: tehtbl.bootstrap
    - role: tehtbl.ssh_server
```

These variables are set in `defaults/main.yml`:

```yaml
---
# ------------------------------------------------------------------------
# defaults file for deployment_user
# ------------------------------------------------------------------------

# Set deployment user
deployment_user_name: root

# Groups to assign to the deployment user
deployment_user_grps:
  - admins

# Checks for password changes
deployment_user_check_new_pw: false
deployment_user_check_rnd_pwd: false

# Password for when deployment_user_check_new_pw == True
deployment_user_new_pw: "{{ 'password' | password_hash('sha512') }}"

# Allow the deployment user to run sudo without a password
deployment_user_sudo_wo_password: false

# Sudo commands a deployment user can run
deployment_user_sudoers_commands:
  - /bin/dmesg
  - /usr/bin/apt update
  - /usr/bin/apt upgrade
  - /usr/bin/apt autoclean
  - /usr/bin/apt autoremove
  - /usr/bin/apt-get update
  - /usr/bin/apt-get upgrade
  - /usr/bin/apt-get autoclean
  - /usr/bin/apt-get autoremove
  - /usr/bin/lsof -Pni
  - /usr/bin/tail -f /var/log/syslog
  - /usr/sbin/ntpdate -uv *
  - /sbin/poweroff
  - /sbin/reboot

# Allowed SSH public key for user
deployment_user_pubkeys:
  - pubkey: ssh-rsa AAAAB3Nxxx== comment
    state: present
```

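
An added example, not part of this role's code: a small Python check of how sudoers would match each entry of `deployment_user_sudoers_commands`, assuming the role writes the entries into a sudoers rule unchanged. In sudoers a command listed without arguments may be run with any arguments, `""` means no arguments at all, and an unescaped `*` in the argument part matches any argument string. The function names and finding labels are made up for this example.

```python
import re

# Constructed sample: the default command list shown on this page.
DEFAULT_COMMANDS = [
    "/bin/dmesg",
    "/usr/bin/apt update",
    "/usr/bin/apt upgrade",
    "/usr/bin/apt autoclean",
    "/usr/bin/apt autoremove",
    "/usr/bin/apt-get update",
    "/usr/bin/apt-get upgrade",
    "/usr/bin/apt-get autoclean",
    "/usr/bin/apt-get autoremove",
    "/usr/bin/lsof -Pni",
    "/usr/bin/tail -f /var/log/syslog",
    "/usr/sbin/ntpdate -uv *",
    "/sbin/poweroff",
    "/sbin/reboot",
]


def _has_wildcard(text):
    """True if text holds a sudoers wildcard (*, ?, [) that is not backslash-escaped."""
    return bool(re.search(r"[*?\[]", re.sub(r"\\.", "", text)))


def classify(entry):
    """Return the findings for one sudoers command entry (empty list = exact match only)."""
    parts = entry.split()
    if not parts:
        return ["empty-entry"]
    cmd, args = parts[0], parts[1:]
    findings = []
    if not cmd.startswith("/"):
        findings.append("relative-path")          # sudoers expects a fully qualified path
    if _has_wildcard(cmd):
        findings.append("wildcard-in-path")
    if not args:
        findings.append("any-arguments")          # no arguments listed: all are accepted
    elif args != ['""'] and _has_wildcard(" ".join(args)):
        findings.append("wildcard-in-arguments")  # wildcard also matches across spaces
    return findings


def audit(commands):
    """Map each entry that has at least one finding to its list of findings."""
    return {entry: found for entry in commands if (found := classify(entry))}


if __name__ == "__main__":
    for entry, found in audit(DEFAULT_COMMANDS).items():
        print(f"{entry!r}: {', '.join(found)}")
```

Entries that come back with `any-arguments` can be pinned by listing the exact arguments, or `""` for none, in your own override of the variable.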
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)
The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`:
- tehtbl.ssh_server
This role is a part of many compatible roles. Have a look at my other roles for further information.
This role has been tested on these Docker images:
container | tag | allow_failures |
---|---|---|
debian | stable | no |
debian | testing | no |
debian | unstable | yes |
ubuntu | xenial | yes |
ubuntu | bionic | no |
ubuntu | focal | no |
ubuntu | devel | yes |
This role has been tested on these Ansible versions:
- ansible>=2.8, <2.9
- ansible>=2.9
- git+https://github.com/ansible/ansible.git@devel
Unit tests are done on every commit, pull request, release and periodically.
If you find issues, please register them in GitHub.
Testing is done using Tox and Molecule:
Tox tests multiple Ansible versions. Molecule tests multiple distributions.
To test using the defaults (any installed Ansible version, namespace: `tehtbl`, image: `ubuntu`, tag: `latest`):

```shell
molecule test

# Or select a specific image:
IMAGE="ubuntu" molecule test

# Or select a specific image and a specific tag:
IMAGE="debian" TAG="stable" tox
```

Or you can test multiple versions of Ansible, and select the correct images:
Tox allows multiple versions of Ansible to be tested. To run the default (namespace: `tehtbl`, image: `ubuntu`, tag: `latest`) tests:

```shell
tox

# To run Ubuntu (namespace: `tehtbl`, tag: `latest`)
IMAGE="ubuntu" tox

# Or customize more:
IMAGE="debian" TAG="stable" tox -e py37-ansible-current
```

Install `vagrant` plugins via:

```shell
vagrant plugin install vagrant-reload
```

Start Tests via VirtualBox Provider:

```shell
vagrant up
```

MIT License
This work is based on the great work of many people, e.g. Robert de Bock, Jeff Geerling and Thomas Waldmann. Thank you!